Forums Archived

This forum has been archived. No new posts can be made and no new users can sign up. It remains here for reference only.

Find the new forums here

Auto https between controller and targets

  • Last Post 10 September 2021
  • Topic Is Solved
maggi373 posted this 09 September 2021

I would love to have an automated system that encrypts traffic between the controller and its targets automaticly. Then i only need to do https manually if needed on main controller since its the only one that is publicly accessable. Not every server has its own public ipv4 to use AMP's let's encrypt installer.

Order By: Standard | Newest | Votes
Mike posted this 09 September 2021

That's how it works already. The controller provides the https offloading and you use the system firewall on the targets so that only the controller can access the AMP port ranges.

maggi373 posted this 09 September 2021

so it encrypts the traffic between controller and target, then im doing something wrong. I can access the targets both trough an man-in-the-middle attack and sniffing the packets since theyre not encrypted. I have several controllers since not of all my servers is in the same LAN and i host alot of other stuff aswell.

Mike posted this 10 September 2021

Ah no it doesn't between the controller and targets without a certificate for HTTPS. There's no plans to add that since you'd firewall it out. If you're subject to a man-in-the-middle attack the network is already considered fully compromised anyway. The game servers themselves don't encrypt traffic so passwords sent for things like RCON would be compromised. It's worth noting that AMP doesn't send passwords in this manner, it uses single-use tokens that are tied to the source IP so even if someone intercepted one - they wouldn't be able to use it.

What you can do if you can't use normal HTTPS is tunnel the connections over SSH which would encrypt the traffic between hosts. You can find plenty of guides on setting up SSH tunnels, but this isn't something we intend to build into AMP.

maggi373 posted this 10 September 2021

Thx for the answer, the usecase was mainly for servers on different networks. I'm going to tunnel the traffic then.